






“The next big cyber attack likely will strike critical infrastructure assets in the United States,
which could bring the world’s remaining superpower to its knees, according to cybersecurity
experts.”


While undoubtedly attention-grabbing, this introduction both indulges in cyber’s bestselling
thriller aspects and misleads the reader as to the nature of the cyber challenge and the most
effective mechanisms with which to manage it. This is, unfortunately, not uncommon. There
are myriad voices in government, industry and academia using terms gleaned from kinetic
warfare like “kill chain,” “opposing forces,” “enemy” and “interdiction” to describe cyber activities.
The perpetuation of such perspectives is at best incorrect and, at worst, may squander precious
resources on approaches that exacerbate the problem.


Interestingly, it’s the critical infrastructure community, often derided for being a latecomer to the
cybersecurity arena, that has accumulated significant wisdom with respect to strategies that can
transform the security landscape. Rather than channeling their inner Curtis “Bomb them into the
Stone Age” LeMay and taking a fruitlessly combative stance, critical infrastructure engineers
have long recognized that operations take place in an atmosphere that is ipso facto hostile and
that system reliability, achieved through risk mitigation, is the top-level requirement.

Given the dire consequences of system failures or service interruptions, that’s not surprising.
Operational safety of nuclear reactors, for example, is paramount just as datalink continuity is in
the telecommunications and aviation industries.

As a result, safety and reliability are emphasized to an extent that seems to conflict with
conventional cybersecurity requirements. The operative word here is “seems.” What critical
infrastructure engineers are actually doing is managing the risks attendant to operating in an
inherently hostile environment. Individual threats aren’t addressed, per se. Rather, safe
and continuous operations are assured.

Taking a systems view and mitigating risks through systems engineering to assure safe and
continuous operations in a hostile environment happens on a routine and ongoing basis. In
2014, some 661 million people spent nontrivial amounts of time at altitudes ranging from 25,000
to 35,000 feet.

Average temperatures at these heights range from -30 to -65 degrees Fahrenheit, and human
survival times in such conditions range from three to five minutes. People also routinely travel
in conditions of hard vacuum and baseline temperatures of -454 degrees Fahrenheit. Others
ply their trade in a liquid environment where fatal respiratory impairment is an ever-present
danger.


Despite the inherent hostility of these environments, fatalities are few. Up-front systems
engineering ensures that risks are understood and managed through solution architecture and
design. People survive at 35,000 feet because the environment’s inherent risks are mitigated
by wrapping a Boeing 777 (or other) aircraft around them. Spacefarers negotiate conditions of
vacuum, significant background radiation and fatal temperatures because the International
Space Station’s design manages these issues.

Cyber Warnings E-Magazine – March 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
